Skip to main content

Model-Driven Security in Practice: An Industrial Experience

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE,volume 5095)


In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.


  • Access Control
  • Transformation Function
  • Access Control Policy
  • Test Report
  • Authorization Constraint

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Research partially supported by Spanish MEC projects TIN2005-09207-C03-03 and TIN2006-15660-C02-01, and by Comunidad de Madrid Program S-0505/TIC/0407. In addition, Christiano Braga’s and Viviane Silva’s research is supported, respectively, by the “Ramón y Cajal” and “Juan de la Cierva” Spanish MEC postdoctoral programmes, and Marina Egea’s research by a Spanish MEC predoctoral grant.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-540-69100-6_22
  • Chapter length: 12 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   99.00
Price excludes VAT (USA)
  • ISBN: 978-3-540-69100-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   129.00
Price excludes VAT (USA)


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Basin, D., Clavel, M., Doser, J., Egea, M.: A metamodel-based approach for analyzing security-design models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420–435. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  2. Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)

    CrossRef  Google Scholar 

  3. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)

    CrossRef  Google Scholar 

  4. Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)

    Google Scholar 

  5. Object Management Group. Object Constraint Language specification (2004),

  6. Object Management Group. Unified Modeling Language specification (2004),

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Clavel, M., da Silva, V., Braga, C., Egea, M. (2008). Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker, I., Hartman, A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69095-5

  • Online ISBN: 978-3-540-69100-6

  • eBook Packages: Computer ScienceComputer Science (R0)